On 11/11, Bernd Edlinger wrote:
>
> On 11/11/25 10:21, Christian Brauner wrote:
> > On Wed, Nov 05, 2025 at 03:32:10PM +0100, Oleg Nesterov wrote:
> >>
> >> This is the most problematic change which I can't review...
> >>
> >> Firstly, it changes task->mm/real_cred for __ptrace_may_access() and this
> >> looks dangerous to me.
> >
> > Yeah, that is not ok. This is effectively override_creds for real_cred
> > and that is not a pattern I want to see us establish at all! Temporary
> > credential overrides for the subjective credentials is already terrible
> > but at least we have the explicit split between real_cred and cred
> > expressly for that. So no, that's not an acceptable solution.
> >
>
> Well when this is absolutely not acceptable then I would have to change
> all security engines to be aware of the current and the new credentials.

Hmm... even if we find another way to avoid the deadlock? Say, the patches
I sent...

Oleg.

